How to improve threat detection and response with the MITRE ATT&CK™ framework

The speed and sophistication with which cybercriminals are launching attacks are increasing year-over-year. In fact, a recent 2019 threat report showed that the time from initial compromise of a network by an adversary to lateral movement can be as little as 19 minutes.* This is challenging threat detection and incident response teams to keep up — especially as cybercriminals are also continuously changing their methods. To drive more resilient threat detection and response, defenders need to incorporate threat intelligence and threat detection frameworks that look beyond simple indicators of compromise (IOCs) to protect their network and speed response.

Join us in discussing:

- What MITRE ATT&CK™ is and how it complements other cyber frameworks such as NIST and the Cyber Kill Chain
- How AT&T Alien Labs maps correlation rules to the tactics and techniques of MITRE ATT&CK™ so customers can better understand the context and scope of an attack
- How to detect, investigate, and respond to a multi-vector attack (TrickBot) using USM Anywhere and the MITRE ATT&CK™ framework — within one dashboard

Industry data indicates that PCI DSS Requirement 11, "Regularly test security systems and processes," is the most commonly failed requirement. In this webcast, we’ll take a close look at PCI DSS vulnerability scanning requirements and discuss how to prepare for your PCI DSS audit with regular internal and external vulnerability scanning practices. AT&T Cybersecurity Compliance analyst, Caryn Seippel, will share a practitioner's perspective on addressing this challenging requirement as well as common mistakes and pitfalls to avoid.

Attend this webcast to learn:

- Which PCI DSS requirements map to vulnerability scanning and how
- Best practices and tips from a compliance practitioner
- How AT&T Cybersecurity solutions can help address PCI DSS vulnerability scanning
- A live demo of USM Anywhere

As soon as you detect a security incident or breach in your environment, things move fast. You need to be able to quickly ascertain what happened and how, as well as which assets were involved, so that you can decide how to respond, mitigate impact, and report the incident to the business and any affected parties. In this critical time between detection and remediation, your digital forensics and incident response (DFIR) readiness is key to success.

What does it take to be forensics-ready? Join AT&T Cybersecurity for a special session webcast on DFIR readiness.

We’ll address the following questions:

- What does DFIR readiness include? What frameworks exist?
- What security tools and technologies are essential for DFIR?
- How does an effective DFIR program utilize security orchestration and automation to reduce time to response (TTR)?
- How can AT&T Cybersecurity solutions help you accelerate and simplify your DFIR?

Conducting internal audits is a security best practice and a common requirement for most compliance standards. Yet, the internal "audit season" can bring business productivity to a grinding halt. This is especially a challenge for agile technology organizations that rely on continuous development and release schedules to drive business forward.

By adopting a continuous compliance program, you can keep your innovation humming while ensuring that you are continually addressing important industry and regulatory demands and, more importantly, maintaining secure systems and processes.

Join us for a special session with Caryn Seippel, Manager of Risk and Compliance at AT&T Cybersecurity, to learn:

Cloud computing continues to transform the way organizations use, store, and share data, applications, and workloads, but has also introduced a host of new security threats and challenges. With so much data going into the cloud—and into public cloud services in particular—these resources become natural targets for bad actors. And, contrary to what you may think, the primary responsibility for protecting corporate data in the cloud lies with the cloud customer, not with the service provider.

AlienVault is at the leading edge of cloud security with AlienVault USM Anywhere. Whether you are looking to secure your AWS and Azure cloud environments, cloud applications like Office 365 and G Suite, or on-premises assets, USM Anywhere delivers essential security capabilities in a single SaaS platform.

Join this webcast to learn more about cloud security challenges and how to address them with USM Anywhere. You'll learn:

- What the shared responsibility model means for the security of your cloud assets
- Challenges with trying to use traditional on-prem security monitoring tools in your cloud environments
- How USM Anywhere gives you visibility into all assets across your cloud and on-premises environments
- Benefits of an all-in-one security solution for threat detection, incident response and compliance management

Is one of your New Year's resolutions to reduce your cyber risk in 2019? If so, do you know where to start? Join us for this special session webcast, in which we'll discuss the building blocks that make for an effective security and compliance program for organizations of any size.

Join this webcast and demo of the AlienVault Unified Security Management (USM) platform to learn how solutions from AlienVault, an AT&T Company, can help you to:

Attackers have figured out how to bypass traditional antivirus software with fileless attacks designed to hide within sanctioned applications and even within the OS itself. Host-based intrusion detection systems (HIDS), which work by monitoring activity that is occurring internally on a host, are an effective way to detect these advanced attacks before they spread.

Join this webcast to learn:

- How fileless attacks work and how they evade detection by most traditional antivirus software
- The types of endpoint activity that can be detected and logged by HIDS to catch threats like fileless attacks
- Why HIDS is an essential security control for threat detection and compliance
- How correlation of HIDS data with IP reputation data, vulnerability scans, and more can boost threat detection and response

Demonstrating compliance with PCI DSS is far from a trivial exercise. The 12 requirements of PCI DSS often translate into a lot of time and effort to access the necessary data and reports from many different systems and tools. And, after an audit is complete, many teams struggle to maintain compliance.

In this webcast, you'll hear from Jacques Lucas, a Qualified Security Assessor (QSA) with Terra Verde, and Sanjay Ramnath, VP of Product Marketing at AlienVault, sharing best practices to help you simplify implementation of PCI DSS security controls and reporting.

Join us for this webcast to learn:

- The most common challenges in meeting and maintaining compliance with PCI DSS
- Best practices to help you plan and prepare for an audit
- The core security capabilities you need to demonstrate compliance
- How AlienVault Unified Security Management can simplify the compliance process

As soon as you detect a security incident or breach in your environment, things move fast. You need to be able to quickly ascertain what happened and how, as well as which assets were involved, so that you can decide how to respond, mitigate impact, and report the incident to the business and any affected parties. In this critical time between detection and remediation, your digital forensics and incident response (DFIR) readiness is key to success.

What does it take to be forensics-ready? Join AlienVault for a special session webcast on DFIR readiness. We’ll address the following questions:

- What does DFIR readiness include? What frameworks exist?
- What security tools and technologies are essential for DFIR?
- How does an effective DFIR program leverage security orchestration and automation to reduce time to response (TTR)?
- How can AlienVault Unified Security Management (USM) accelerate and simplify your DFIR?

Cryptominers are built to turn computing power into revenue. To make cryptomining a profitable venture, cybercriminals are writing and distributing malware to steal computing resources to mine for cryptocurrencies like Bitcoin and Monero by attacking victims' endpoints, public cloud accounts, and websites. Through various attack vectors, cyber attackers can turn compromised systems into a silent zombie army of cryptocurrency miners. Unless you have advanced threat detection capabilities to detect cryptomining activities on your endpoints, in the cloud, and on premises, you might be unknowingly sharing your valuable computing resources with cryptomining criminals.

Join this webcast to learn:

- The what, why and how of cryptomining
- How cryptomining can evade traditional antivirus and other security controls
- Best practices and essential tools for detecting cryptomining quickly
- How AlienVault Unified Security Management (USM) can alert you immediately to cryptomining activity

SIEM solutions have been widely adopted to help IT teams collect and correlate data from a variety of security point products. However, traditional SIEM deployments require a great deal of time, money, and expertise to properly normalize data feeds, create correlation rules to detect threats, and continuously tune those rules to limit false positives. And, after all that work is done, it has to be continuously re-done as the network and threat landscape changes.

AlienVault takes a different approach to SIEM. Join this webcast to learn how AlienVault Unified Security Management (USM) overcomes the most common SIEM challenges with:
- Built-in capabilities like asset discovery, vulnerability assessment, intrusion detection, orchestrated incident response, and log management
- Continuously updated correlation directives, vulnerability signatures, incident response guidance, and more
- Fully integrated, real-time threat intelligence from the AlienVault Labs Security Research Team and the AlienVault Open Threat Exchange (OTX)
- The ability to monitor on-premises and cloud environments including AWS and Azure, as well as cloud applications like Office 365

If you needed to provide reports to management or an auditor to prove that your IT security controls are in place and working, how long would it take you to do that? And, how many different tools would you need to consult? The AlienVault Unified Security Management (USM) platform integrates many of the core security capabilities you need along with built-in reports to help you implement IT security best practice frameworks like the NIST Cybersecurity Framework (CSF), as well as demonstrate compliance with PCI DSS, HIPAA and other regulations.

Join this webcast to see how the USM platform makes it easy to:
- Automate log collection, analysis and event correlation in a single console
- Continuously scan for new assets and vulnerabilities
- Get alerted to suspicious behavior like privilege escalations, account changes, malware and ransomware threats, and more
- Simplify compliance with pre-built and customizable reports mapped to numerous regulatory requirements

The National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) is widely recognized as an effective roadmap for improving threat detection and compliance. However, many smaller IT security teams with limited resources have trouble implementing and maintaining the recommended security controls and processes. That's where AlienVault can help.

In this webcast, AlienVault CISO John McLeod will provide insights into how AlienVault approached implementation of NIST CSF and accelerated the process using their own Unified Security Management (USM) platform.

Join this webcast for:
- An overview of security controls recommended by NIST CSF
- Best practices for approaching adoption of NIST CSF
- How a unified security toolset can greatly simplify this process
- A demo of the AlienVault Unified Security Management (USM) platform

Anybody can deliver technology, but these days Managed Service Providers (MSPs) also need to protect their customers’ networks and data. Cyber threats are a growing concern, and if you can’t provide security, your customers will find a provider who can. That’s why adding security to an MSP’s palette of services isn’t just an option; it’s a must.

In this webcast, experts from Penton and AlienVault will discuss how to turn your MSP into a profitable MSSP by adding security for customers to protect their business from the scourge of cybercrime. Join this session to learn more about:
- Current threats and how they are evolving
- Comprehensive threat protection for the cloud
- Unified security for detecting threats and responding to incidents

Roger Thornton, Chief Technology Officer of AlienVault, discusses why it is so important to start with cyber security basics and master them before adding all the latest shiny objects available in the InfoSec industry.

Video highlights:

- Detecting and responding to a breach is key to effectively mitigating risk for organizations of all sizes.
- Democratizing data sharing through Open Threat Exchange to find the bad actors more quickly.
- There are different strategic imperatives based on company size, industry and skilled resources.
- The AlienVault approach: unified, simplified, democratized.

To learn more about AlienVault, go to http://ow.ly/LMKB30kVijd. To join the AlienVault Open Threat Exchange, go to http://ow.ly/MuLJ30kVinb.

Interview with
Roger Thornton
Chief Technical Officer, AlienVault

Roger Thornton is the Chief Technical Officer for AlienVault. Roger’s career has been dedicated to the development of technology and new business ventures based on technical innovation. Over 25 years in Silicon Valley and abroad, he has driven the formation and growth of dozens of new companies and hundreds of products, serving in a wide range of roles from engineering, marketing, and management, to investor/advisor.

Today’s rapidly evolving world means that traditional security measures like firewalls and antivirus are not sufficient to protect a company from a devastating breach. While it’s usually the big companies that make the headlines, the reality is every organization is a target, regardless of size. In fact, attacks are on the rise for small and midsize businesses because most lack the essential security controls necessary to mitigate risk.

With a major shortage of skilled resources in today’s cybersecurity market, more and more organizations are opting to outsource key security monitoring services to managed security service providers (MSSPs). Whether for log management, managed detection and response (MDR), SIEM-as-a-service, or compliance management, organizations large and small are turning to MSSPs to deliver these solutions quickly and cost-effectively.

Join us for this one-hour discussion and learn how you can extend your IT team with managed security services:

Hosted By
Mike LaPeters
VP of Global Channels
Mike LaPeters joined AlienVault in 2015 and heads up the global channel initiative. Mike has more than 20 years’ experience building and leading channel organizations in security, infrastructure and storage software products. He has led teams at CA, VERITAS Software (Formerly Symantec) and he represented the sales and channel efforts from inception through acquisition at 4 startups (acquired by Microsoft, Hitachi (WD), SolarWinds, Nimboxx). He is a 3-time recipient of CRN’s Channel Chief award.

Threat intelligence offers the ability to improve threat detection and response using information on attack methods previously reported by others, but only if it can be effectively integrated into security controls and processes. So, how do you go from threat data to actionable insights?

Join AlienVault for this webcast to get a look under the hood at how the AlienVault Labs threat research team turns threat data and indicators of compromise (IoCs) into comprehensive, actionable threat intelligence.

We'll cover:

- What threat intelligence is, and how it speeds threat detection and incident response
- Key questions to help you evaluate threat intelligence sources
- How the AlienVault Labs team analyzes threat data, and turns it into actionable information
- How AlienVault USM Anywhere integrates threat intelligence with multiple security capabilities to accelerate threat detection and response

Hosted By
Sacha Dawes
Principal Product Marketing Manager
Sacha has over 15 years of experience in technology and information security across product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he delivered solutions to address the IT security, identity and management space. Before joining AlienVault, he worked in the office of the EVP for Cloud and Enterprise business at Microsoft. Originally from the UK, Sacha is based in Austin, TX and holds a Master's in Computer Science from Vanderbilt University.

Chris Doman
Threat Engineer, OTX
Chris works on AlienVault OTX as a Threat Engineer. He’s had a long interest in security, but joined the industry after winning the civilian section of the Department of Defense's forensics competition. Chris runs a popular threat intelligence portal (ThreatCrowd.org) in his spare time, and holds a CCHIA (Certified Host Intrusion Analyst) from CREST and a degree in Computer Science from the University of Cambridge.

The GDPR, or General Data Protection Regulation, will come into force on 25 May 2018 and has spurred many questions for IT teams trying to get up to speed on what the new regulation will require and how to achieve compliance in the most efficient way.

Join this webcast with John McLeod, AlienVault's CISO, and Dan Stocker, Coalfire's Practice Director of Cloud & Tech, to walk through frequently asked questions and best practices for GDPR compliance. John and Dan have been immersed in GDPR compliance efforts over the last several months and can share what they have learned, and answer your burning questions. The presenters will cover:

- What is GDPR and who is affected?
- How will GDPR impact organizations outside the EU?
- What is meant by personal data in the context of GDPR?
- What are some of the steps and effective tools you need to comply?
- What should your incident response plan look like in the event of a breach?
- What happens to companies that fail to comply?

We'll wrap up with a brief demo of the AlienVault Unified Security Management (USM) platform to illustrate how AlienVault can help accelerate and simplify your path to compliance.

Hosted By
Sacha Dawes
Principal Product Marketing Manager, AlienVault

Implementing effective asset discovery and vulnerability assessment are two of the most important first steps in improving IT security. Before you can protect your environment, you need to understand what assets you have across your cloud and on-premises environments, and be able to identify and prioritize vulnerabilities.

View this on-demand webcast and demo to see how the AlienVault Unified Security Management platform can help with these essential capabilities:

- Discover all assets across your cloud and on-premises environments
- Get alerted when new assets connect to the network
- Schedule vulnerability scans of individual assets, asset groups or entire networks
- Prioritize vulnerabilities by severity and likelihood of exploit
- Quickly identify availability of patches, saving time researching each vulnerability

Hosted By
Sacha Dawes
Principal Product Marketing Manager

Sacha joined AlienVault in Feb 2017, where he is responsible for the technical marketing of the AlienVault Unified Security Management (USM) family of solutions. He brings multiple years of experience from product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he has delivered both SaaS-delivered and boxed-product solutions that address the IT security, identity and management space. Originally from the UK, Sacha is based in Austin, TX.

The GDPR, or General Data Protection Regulation, will come into force on 25 May 2018 and requires organizations to maintain a plan to detect data breaches, regularly evaluate the effectiveness of security practices, and document evidence of compliance. If you don’t already have the required security tools and controls in place, your organization will need to start planning now to achieve compliance and mitigate the risk of high fines for failing to comply.

That's where AlienVault can help. In this webcast, AlienVault CISO John McLeod will provide insights into how AlienVault has approached the GDPR compliance process internally, along with how our Unified Security Management (USM) platform can help accelerate and simplify your path to compliance.

Join this webcast to learn:

- Best practices for approaching GDPR compliance
- How to assess your level of readiness and build your roadmap to compliance
- How a unified security toolset can both expedite and simplify this process

We'll also provide a brief demo of the USM platform to illustrate some of the technical controls you need in place TODAY for compliance.

Hosted By
Sacha Dawes
AlienVault Principal Product Marketing Manager
